parent
84d65ce5f2
commit
cb4fe2e91b
|
@ -8,10 +8,11 @@ LETS_ENCRYPT_ENV=production
|
|||
|
||||
# –––––––––––––––– REQUIRED ––––––––––––––––
|
||||
|
||||
SECRET_DB_PASSWORD_VERSION=v1
|
||||
SECRET_SECRET_KEY_VERSION=v1 # length=32
|
||||
SECRET_UTILS_SECRET_VERSION=v1 # length=32
|
||||
|
||||
SECRET_AWS_SECRET_ACCESS_KEY=v1
|
||||
SECRET_OIDC_CLIENT_SECRET_VERSION=v1
|
||||
|
||||
AWS_ACCESS_KEY_ID=
|
||||
AWS_REGION=
|
||||
|
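Review bot: `SECRET_AWS_SECRET_ACCESS_KEY=v1` lacks the `_VERSION` suffix that the other secret version variables in this block carry, while the compose.yml section of this commit interpolates `${SECRET_AWS_SECRET_ACCESS_KEY_VERSION}`. With the sample copied as-is that variable would be unset, so the external secret name would end in an empty version and presumably not match the secret that was actually created. Rename the line to `SECRET_AWS_SECRET_ACCESS_KEY_VERSION=v1`. compose.yml also reads `${APP_ENTRYPOINT_VERSION}`, which this hunk does not define; confirm it is set somewhere outside the visible change.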
|
52
compose.yml
52
compose.yml
|
@ -7,6 +7,16 @@ services:
|
|||
- backend
|
||||
- proxy
|
||||
image: outlinewiki/outline:0.60.3
|
||||
secrets:
|
||||
- aws_secret_key
|
||||
- db_password
|
||||
- oidc_client_secret
|
||||
- secret_key
|
||||
- utils_secret
|
||||
configs:
|
||||
- source: app_entrypoint
|
||||
target: /docker-entrypoint.sh
|
||||
mode: 0555
|
||||
volumes:
|
||||
- outline_data:/opt/outline
|
||||
environment:
|
||||
|
@ -17,13 +27,12 @@ services:
|
|||
- AWS_S3_UPLOAD_BUCKET_NAME
|
||||
- AWS_S3_UPLOAD_BUCKET_URL
|
||||
- AWS_S3_UPLOAD_MAX_SIZE
|
||||
- AWS_SECRET_ACCESS_KEY
|
||||
- DATABASE_URL=postgres://user:pass@${STACK_NAME}_postgres:5432/outline
|
||||
- DATABASE_URL_TEST=postgres://user:pass@${STACK_NAME}_postgres:5432/outline-test
|
||||
- AWS_SECRET_ACCESS_KEY_FILE=/run/secrets/aws_secret_key
|
||||
- DATABASE_PASSWORD_FILE=/run/secrets/db_password
|
||||
- FORCE_HTTPS=true
|
||||
- OIDC_AUTH_URI
|
||||
- OIDC_CLIENT_ID
|
||||
- OIDC_CLIENT_SECRET
|
||||
- OIDC_CLIENT_SECRET_FILE=/run/secrets/oidc_client_secret
|
||||
- OIDC_DISPLAY_NAME
|
||||
- OIDC_SCOPES
|
||||
- OIDC_TOKEN_URI
|
||||
|
@ -31,10 +40,12 @@ services:
|
|||
- OIDC_USERNAME_CLAIM
|
||||
- PGSSLMODE=disable
|
||||
- REDIS_URL=redis://${STACK_NAME}_redis:6379
|
||||
- SECRET_KEY
|
||||
- SECRET_KEY_FILE=/run/secrets/secret_key
|
||||
- TEAM_LOGO
|
||||
- URL=https://$DOMAIN
|
||||
- UTILS_SECRET
|
||||
- UTILS_SECRET_FILE=/run/secrets/utils_secret
|
||||
command: yarn start
|
||||
entrypoint: /docker-entrypoint.sh
|
||||
deploy:
|
||||
labels:
|
||||
- "traefik.enable=true"
|
||||
|
@ -57,13 +68,32 @@ services:
|
|||
image: postgres:11
|
||||
networks:
|
||||
- backend
|
||||
secrets:
|
||||
- db_password
|
||||
environment:
|
||||
POSTGRES_DB: outline
|
||||
POSTGRES_PASSWORD: pass
|
||||
POSTGRES_USER: user
|
||||
POSTGRES_PASSWORD_FILE: /run/secrets/db_password
|
||||
POSTGRES_USER: outline
|
||||
volumes:
|
||||
- "postgres_data:/var/lib/postgresql/data"
|
||||
|
||||
secrets:
|
||||
secret_key:
|
||||
name: ${STACK_NAME}_secret_key_${SECRET_SECRET_KEY_VERSION}
|
||||
external: true
|
||||
utils_secret:
|
||||
name: ${STACK_NAME}_utils_secret_${SECRET_UTILS_SECRET_VERSION}
|
||||
external: true
|
||||
aws_access_key:
|
||||
name: ${STACK_NAME}_aws_access_key_${SECRET_AWS_SECRET_ACCESS_KEY_VERSION}
|
||||
external: true
|
||||
oidc_client_secret:
|
||||
name: ${STACK_NAME}_oidc_client_secret_${SECRET_OIDC_CLIENT_SECRET_VERSION}
|
||||
external: true
|
||||
db_password:
|
||||
name: ${STACK_NAME}_db_password_${SECRET_DB_PASSWORD_VERSION}
|
||||
external: true
|
||||
|
||||
networks:
|
||||
proxy:
|
||||
external: true
|
||||
|
@ -72,3 +102,9 @@ networks:
|
|||
volumes:
|
||||
outline_data:
|
||||
postgres_data:
|
||||
|
||||
configs:
|
||||
app_entrypoint:
|
||||
name: ${STACK_NAME}_app_entrypoint_${APP_ENTRYPOINT_VERSION}
|
||||
file: entrypoint.sh.tmpl
|
||||
template_driver: golang
|
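Review bot: The app service lists the secret `aws_secret_key` and points `AWS_SECRET_ACCESS_KEY_FILE` at `/run/secrets/aws_secret_key`, but the top-level `secrets:` block declares `aws_access_key`, so the service refers to a secret that is never defined and the stack should be rejected at deploy time. Rename the top-level entry to `aws_secret_key:` (and its `name:` to match), or change the two service references. Separately, the postgres service appears to move from `POSTGRES_USER: user` / `POSTGRES_PASSWORD: pass` to `outline` plus `POSTGRES_PASSWORD_FILE`. The postgres image applies these only when it initialises an empty data directory, so an existing `postgres_data` volume would keep the old `user`/`pass` role and the new connection URL would not authenticate. A migration note for existing deployments (create the `outline` role and retire the old password) is worth adding alongside this change.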
||||
|
|
|
@ -0,0 +1,32 @@
|
|||
#!/bin/bash
|
||||
|
||||
set -e
|
||||
|
||||
file_env() {
|
||||
local var="$1"
|
||||
local fileVar="${var}_FILE"
|
||||
local def="${2:-}"
|
||||
|
||||
if [ "${!var:-}" ] && [ "${!fileVar:-}" ]; then
|
||||
echo >&2 "error: both $var and $fileVar are set (but are exclusive)"
|
||||
exit 1
|
||||
fi
|
||||
|
||||
local val="$def"
|
||||
|
||||
if [ "${!var:-}" ]; then
|
||||
val="${!var}"
|
||||
elif [ "${!fileVar:-}" ]; then
|
||||
val="$(< "${!fileVar}")"
|
||||
fi
|
||||
|
||||
export "$var"="$val"
|
||||
unset "$fileVar"
|
||||
}
|
||||
|
||||
file_env "AWS_SECRET_ACCESS_KEY"
|
||||
file_env "OIDC_CLIENT_SECRET"
|
||||
file_env "UTILS_SECRET"
|
||||
file_env "DATABASE_PASSWORD"
|
||||
|
||||
export DATABASE_URL="postgres://outline:${DATABASE_PASSWORD}@${STACK_NAME}_postgres:5432/outline"
|
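Review bot: The script ends at the `export DATABASE_URL=...` line (line 32 of 32 per the hunk header) without handing control to the container command, so with `entrypoint: /docker-entrypoint.sh` and `command: yarn start` in compose.yml the container would exit right after exporting the variables; add `exec "$@"` as the final line. `SECRET_KEY` is also missing from the `file_env` calls even though compose.yml sets `SECRET_KEY_FILE=/run/secrets/secret_key`, so the application would start without it; add `file_env "SECRET_KEY"`. The password is interpolated into `DATABASE_URL` unescaped, so a generated secret containing `@`, `/`, `:` or `#` would produce a malformed URL. Either document that the secret must be restricted to URL-safe characters or percent-encode it before building the URL.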